The use of electromagnetic fields as a communication medium is ubiquitous in today's society. Both communication over physical media, such as wires, and wireless communication, such as broadcast radio, television and satellite, infrared, and ultrasound, are widespread and commonplace. Such communication may be made over long distances, or over much shorter distances, such as closed-circuit television or a client human being using a terminal to communicate with a local server. Other media may be used for wireless communication, including acoustic such as ultrasonic, sonic, and subsonic, electric field and magnetic field.
In some situations, a user is physically present at a terminal or communication system, for the duration of a transaction. The terminal is available to all interested users, and a user having need of the service provided by the terminal seeks it out and uses it to make the transaction. Examples of such terminals are public pay telephones and Automatic Teller Machines (ATM).
Many transactions involve the use of a portable instrumentality or an input device such as a keypad, for verifying the identity of the user in order to authorize the transaction, make a charge for the service, etc. Often, this portable instrumentality takes the form of a card or badge bearing a magnetically encoded stripe, which is readable by the terminal. For instance, a user seeking cash from an ATM stands before the ATM, inserts his/her card, and keys in a Personal Identification Number (PIN), followed by menu-prompted transaction instructions. Authorization of the transaction is based on a verification of the user's identity based on a combination of (i) the user's possession of the authorizing card, and (ii) the user's knowledge of the PIN.
However, this form of communication could expose the user to physical hazards, and the card to theft and unauthorized access. U.S. Pat. No. 5,796,827 to Coppersmith et al, which is incorporated herein by reference, addressed this problem by providing an apparatus and method for utilizing the human body as a communication medium to transmit information related to the user, to protect the user's privacy and the confidentiality of the information against unauthorized access. The patented communication system produces small currents in the human body, externally induced by electrostatic field coupling, which provides for wireless identification and authentication among proximate devices. The system encrypts data and provides for easy and rapid receipt and authentication of the encrypted data, with sufficient capacity to handle millions of unique transmitter codes.
U.S. Pat. No. 5,657,388 to Weiss describes an attempt at improving the secure access to electronic information by utilizing a token that may contain a public ID, to provide secure access by authorized users to a selected resource. The token stores a secret user code in machine readable form, which code is read by a token processor. The token processor receives a time-varying value and an algorithm, both of which may be stored or generated at either the token or the token processor, and a secret personal identification code which may be inputted at the token or the token processor. The secret user code, time-varying value, and secret personal identification code are then algorithmically combined by the algorithm to generate a one-time nonpredictable code which is transmitted to a host processor. The host processor utilizes the received one-time nonpredictable code to determine if the user is authorized access to the resource and grants access to the resource if the user is determined to be authorized.
However, the systems described in U.S. Pat. No. 5,657,388 and other similar publications still rely on the transmission of a public key or other public ID for proper authentication. The public ID which typically includes a static code value is also subject to surreptitious detection, and can be used to associate a particular user or object with a specific transmission, compromising the user's or object's privacy.
While conventional devices have provided significantly enhanced security for data processing systems, databases and other information resources there still remains an unsatisfied need for a further improved system that eliminates the need for public keys or IDs, thus further minimizing invasion of privacy, security risk and exposure.
As an example, though identification badges that wirelessly transmit an ID code can be used to locate someone in a building, such as to find doctors in a hospital, maintenance people in a factory, or key personnel in an office, individual privacy might be compromised in that the badge users can be tracked all the time without their control or consent. It would therefore be desirable to have a system that limits access to tracking information, such as allowing a badge user to be tracked for limited time periods that are determined by this particular user.